Software Updates Management in System Center 2012 Configuration Manager

Vinay Pamnani, Sr. Support Escalation Engineer, Microsoft Corporation
Contributors: Mike Johnson and Meghan Stewart


Contents

Introduction to Software Updates Management
Reference Flowcharts
Installation & Configuration
  Prerequisites & Requirements
    Software Updates
    Endpoint Protection
  Installation & Configuration
    Software Update Point
    Endpoint Protection Role
  Configuring Client Settings
    Configuring Client Settings for Software Updates
    Configuring Client Settings for Endpoint Protection
    Other Relevant Client Settings
Deployment
  Client Requirements
  Update Groups
  Deployment Packages
  Deployments
  Maintenance Windows
Maintenance
  Expired Updates
  Content Cleanup
  WSUS Server Maintenance (by Meghan Stewart)
How it works
  Software Update Point Installation
  WSUS Configuration Manager
  Synchronization
    On Central Administration Site or Standalone Primary Site
    On Child Primary Site and Secondary Sites
  Compliance
    Software Update Scan Policy
    WSUS Server Location
    Software Update Scan on Clients
    State Message Processing Flow
    Software Update Summarization
    Software Update Switching (SP1 and R2 only)
  Deployment
    Creating a Software Update Group
    Creating a Deployment for Software Update Group manually
    Creating a Deployment using an Automatic Deployment Rule
    Deployment Evaluation and Update Installation on Clients
    State Message Reporting
  End User Experience
    Scenario 1 Suppress Restart Disabled
    Scenario 2 Suppress Restart Enabled
    Scenario 3 Override Maintenance Window without suppressing reboot
Best Practices
Troubleshooting
  Synchronization
    Relevant Data
    Synchronization fails with WSUS server not configured
    Synchronization fails due to issues with EULA
    Synchronization fails due to errors communicating with Microsoft Update
    WSUS Control Manager (WSUSCtrl) reports an error
  Compliance
    Relevant Data
    Scan Failures
    Group Policy overrides WSUS Server
    Compliance results Unknown
    Clients are unable to find the WSUS Source Location
  Deployment
    Relevant Data
    Updates fail to get downloaded
    Updates fail to get installed
    Unexpected Reboots OR Updates Getting Installed outside Maintenance Window
Procedures
  A. Logging
    How to enable Verbose & Debug Logging on the Configuration Manager Client & Management Point
    How to enable Verbose Logging for State System component on the Site Server
    How to enable Verbose Logging for WSUS Synchronization Manager (WSyncMgr)
    How to enable SQL Tracing for Configuration Manager Logs
    How to enable verbose logging for Windows Update Agent
    How to configure SQL Profiler to troubleshoot WSUS Location Request Issues.
    How to configure SQL Profiler to see State Message processing.
  B. Synchronization
    How to Configure Proxy Settings for the Software Update Point
    How to Check Proxy Configuration on a computer
    How to Configure WSUS Server Connection Account for the Software Update Point
    How to Determine the Port Settings Used by WSUS
    Verify Anonymous Access is Enabled on the DssAuthWebService Virtual Directory
    Check Permissions on the ApiRemoting30 Virtual Directory
    Check the Update Source Settings in WSUS
    How to test Connectivity from Site Server to WSUS
    How to check WSUS Server Version
    Configure Software Update Point for Secure Sockets Layer (SSL)
  C. Compliance
    How to check Proxy Settings on a Client
    How to check if WSUS Server Ports are accessible from the client
    How to verify connectivity on a client against the WSUS (Software Update Point) Server
    How to reset the Windows Update Agent Data Store
    How to use Windows Update Troubleshooter and update the Windows Update Agent to the latest version
  D. Deployment
    How to review ServiceWindowManager.log
    How to review the Audit Status messages to find if a Deployment was modified
FAQ
  How many clients can the Software Update Point support?
  What's the maximum number of updates you can have in a Deployment?
  Can I manage software updates for clients in an untrusted forest?

Introduction to Software Updates Management

Software updates in System Center 2012 Configuration Manager provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. An effective software update management process is necessary to maintain operational efficiency, overcome security issues, and maintain the stability of the network infrastructure. However, because of the changing nature of technology and the continual appearance of new security threats, effective software update management requires consistent and continual attention.

Configuration Manager synchronizes Software Updates from the Microsoft Update Catalog to retrieve software updates metadata, and makes them available in the Configuration Manager console. In order to do this, Configuration Manager requires a WSUS Server where Software Update Point Role is installed. After the synchronization completes, a site-wide policy is created that provides to client computers the location of the Software Update Point. After receiving this policy, clients scan for software update compliance against the WSUS Server (Software Update Point) and report the scan results to the Management Point which then sends that information to the Configuration Manager Site Server. This allows an Administrator to determine which updates are required on the Clients so that updates can be deployed to the clients efficiently. After the updates are deployed, clients install the updates and send updated compliance results back which can then be used for compliance reporting.

As such, Software Update Management can be broken down into 4 main components:

- Synchronization
- Compliance
- Deployment
- Reporting

Installation & Configuration

Prerequisites & Requirements

Software Updates

Prerequisites for Software Updates in Configuration Manager are documented here: http://technet.microsoft.com/en-us/library/hh237372.aspx

Requirements for the Site System that will host the Software Update Point role are documented here:
http://technet.microsoft.com/en-us/library/c1e93ef9-761f-4f60-8372-df9bf5009be0#BKMK_SupConfigSiteSystemReq
http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_SUPInstallation

Endpoint Protection

Prerequisites for Endpoint Protection in Configuration Manager are documented here: http://technet.microsoft.com/en-us/library/hh508780.aspx

Requirements for the Site System that will host the Endpoint Protection role are documented here: http://technet.microsoft.com/en-us/library/c1e93ef9-761f-4f60-8372-df9bf5009be0#BKMK_SupConfigSiteSystemReq

Installation & Configuration

How to install a Site System Role in Configuration Manager: http://technet.microsoft.com/en-us/library/5c669a3c-404f-4a5d-88f0-bc40443ebaae#BKMK_HowtoInstallSiteSystems

Software Update Point Role

Installation and Configuration of Software Update Point Role: http://technet.microsoft.com/en-us/library/912bfec1-fd19-4f56-a840-4ecd643c541b#BKMK_InstallSUP

Synchronize Software Updates: http://technet.microsoft.com/en-us/library/912bfec1-fd19-4f56-a840-4ecd643c541b#BKMK_SUMSync

Configure Classifications and Products to Synchronize: http://technet.microsoft.com/en-us/library/912bfec1-fd19-4f56-a840-4ecd643c541b#BKMK_ConfigureClassesProducts

Endpoint Protection Role

Steps to Configure Endpoint Protection in Configuration Manager: http://technet.microsoft.com/en-us/library/hh508770.aspx

Installation of the Endpoint Protection Point Role: http://technet.microsoft.com/en-us/library/hh508770.aspx#BKMK_Step1

Configure Alerts for Endpoint Protection in Configuration Manager: http://technet.microsoft.com/en-us/library/hh508782.aspx

Configure Definition Updates for Endpoint Protection in Configuration Manager: http://technet.microsoft.com/en-us/library/jj822983.aspx

Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager: http://technet.microsoft.com/en-us/library/hh508785.aspx

Configuring Products and Classifications required for Endpoint Protection for Software Update Point:

1) In the Configuration Manager Console:
   a) Go to the Administration Pane, expand Site Configuration, and click Sites
   b) Right click on the Central Administration or Standalone Primary Site
   c) Select Configure Site Components, then click Software Update Point.
2) On the Classifications tab, ensure that the Definition Updates check box and the Updates check box are selected.
3) On the Products tab, ensure that the Forefront Endpoint Protection 2010 product check box is selected, and then click OK.

Configuring Client Settings

How to create and configure Client Settings in Configuration Manager: http://technet.microsoft.com/en-us/library/gg682109

About Client Settings in Configuration Manager: http://technet.microsoft.com/en-us/library/gg682067.aspx

Configuring Client Settings for Software Updates

Information about Software Update Client Settings: http://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_SoftwareUpdatesDeviceSetting

Planning for Settings associated with Software Updates:
http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_Settings
http://technet.microsoft.com/en-us/library/912bfec1-fd19-4f56-a840-4ecd643c541b#BKMK_AssociatedSettings

Configuring Client Settings for Endpoint Protection

Information about Endpoint Protection Client Settings: http://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_EndpointProtectionDeviceSettings

Configuring Client Settings for Endpoint Protection: http://technet.microsoft.com/en-us/library/hh508770.aspx#BKMK_Step2

Other Relevant Client Settings

Background Intelligent Transfer: http://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_BITS

Client Policy: http://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_ClientPolicyDeviceSettings

Computer Agent: http://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_ComputerAgentDeviceSettings

Computer Restart: http://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_ComputerRestartDeviceSettings

Network Access Protection (NAP): http://technet.microsoft.com/en-us/library/gg682067.aspx#BKMK_NAPDeviceSettings

State Messaging: State Message Reporting Cycle (minutes) - Default value is 15 minutes

Deployment

Client Requirements

Windows Update Agent 3.0 minimum

Update Groups

Software update groups provide you with an effective method to organize software updates in your environment. For steps on adding updates to an update group, refer to: http://technet.microsoft.com/en-us/library/gg712304.aspx#BKMK_AddUpdatesToGroup

Deployment Packages

Planning for Content Management: http://technet.microsoft.com/en-us/library/gg712321.aspx

Downloading updates to Deployment Package: http://technet.microsoft.com/en-us/library/gg712304.aspx#BKMK_DownloadUpdates

Distributing Deployment Package to the Distribution Points: http://technet.microsoft.com/en-us/library/gg712694.aspx#BKMK_DistributeContent

Monitoring Content: http://technet.microsoft.com/en-us/library/gg712694.aspx#BKMK_MonitorContent

Deployments

Deploying Software Updates: http://technet.microsoft.com/en-us/library/gg712304.aspx#BKMK_SUMDeploy

Example Scenario for Deploying Security Software Updates released monthly: http://technet.microsoft.com/en-us/library/jj134348.aspx

Manual Deployment: http://technet.microsoft.com/en-us/library/gg712304.aspx#BKMK_ManualDeploy

Automatic Deployment Rules (ADR): http://technet.microsoft.com/en-us/library/gg712304.aspx#BKMK_AutoDeploy

Deploying Definition Updates for Endpoint Protection: see the "Using Configuration Manager Software Updates to Deliver Definition Updates" section: http://technet.microsoft.com/en-us/library/jj822983.aspx

Maintenance Windows

Maintenance Windows: http://technet.microsoft.com/en-us/library/hh508762.aspx

Maintenance Windows vs. Business Hours: http://blogs.technet.com/b/server-cloud/archive/2012/03/28/business-hours-vs-maintenance-windows-with-system-center-2012-configuration-manager.aspx

Maintenance

Expired Updates

As part of the ongoing Update Revision process, some updates are Expired by Microsoft within the Microsoft Update Catalog; this is usually because there is a newer version of the update available or a specific problem with the existing update. During Software Update Synchronization, these Expired updates are marked as Expired in the Configuration Manager console as well, which is indicated by a Grey icon next to the Update. These expired updates are automatically cleaned up from the Configuration Manager database on a schedule.

Removal of the Expired Updates is performed by the WSUS Synchronization Manager Component, and these updates are removed only if the following conditions are true:

- Update is not referenced in an Update Assignment.
- Update is older than the value of Updates Cleanup Age (7 days by default)

WSUS Synchronization Manager on the top-level Configuration Manager site checks for Updates to clean up every 1 hour, and removes expired updates if they match the criteria. When WSUS Synchronization Manager deletes expired updates, the following entries can be seen in the WSyncMgr.log:

Deleting old expired updates...  SMS_WSUS_SYNC_MANAGER
Deleted 100 expired updates  SMS_WSUS_SYNC_MANAGER
Deleted 2995 expired updates total  SMS_WSUS_SYNC_MANAGER

Content Cleanup

As Expired Updates are removed, Content for those Expired updates can get orphaned. WSUS Synchronization Manager also cleans up the Content that is no longer referenced on a schedule. As part of the content cleanup, WSUS Synchronization Manager goes through the packages owned by the current site and finds Content that is no longer referenced and removes the content from the Package source directory. Content is only removed if the Content has been orphaned for more than 1 day (by default).

If any content is removed, the cleanup process also refreshes the package so that the updated content is sent to the Distribution Points. When WSUS Synchronization Manager removes orphaned content, the following entries can be seen in the WSyncMgr.log:

Deleting orphaned content for package CS100006 (EPDefinitions) from source  SMS_WSUS_SYNC_MANAGER
Deleting orphaned content folder \\\51b6db15-6938-4b37-9fa8-caf513e13930...  SMS_WSUS_SYNC_MANAGER
..
Deleting orphaned content folder \\\526b6a85-a62c-4d54-bc0d-b3409223b0df...  SMS_WSUS_SYNC_MANAGER
Deleted 12 orphaned content folders in package CS100006 (EPDefinitions)  SMS_WSUS_SYNC_MANAGER
Refreshing package CS100006 (EPDefinitions)  SMS_WSUS_SYNC_MANAGER

For more information about cleanup of Expired Updates and Content, refer to this blog post: http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/software-update-content-cleanup-in-system-center-2012-configuration-manager.aspx

WSUS Server Maintenance (by Meghan Stewart)

In order to maintain performance of the WSUS Database, it is recommended that you routinely perform the WSUS Cleanup Wizard actions on the WSUS database (SUSDB) as well as the re-index of the WSUS Database (SUSDB) on each WSUS server that is hosting a Software Update Point role within the Configuration Manager environment.

The important thing to remember when performing WSUS Cleanup Wizard actions in a multi-level hierarchy is that you run the cleanup process on the lowest tier of WSUS servers first, then move up to the next higher tier to run the cleanup wizard actions, and continue up the hierarchy until you reach the top tier WSUS server. The cleanup wizard actions remove data from the WSUS servers, so the removal should start at the bottom of the hierarchy and move up. The WSUS maintenance can be performed simultaneously on multiple servers in the same tier.

Although the re-index can be performed in any order on any WSUS server's SUSDB, it is recommended to perform the cleanup and re-index on each WSUS server together, with the re-index being run first followed by the cleanup wizard actions (i.e. tuning the performance of the SUSDB first via the re-index will allow the cleanup wizard actions to run more quickly).

To perform a WSUS Server Cleanup:

Run the WSUS Server Cleanup Wizard from the WSUS Console > Options. Microsoft recommends WSUS Maintenance be run once a month. If the cleanup has never been run and the WSUS Server has been in production for a while, the cleanup may time out. In that case, run the cleanup with only the top box checked (Unused updates and updates revisions), wait for it to finish and then run the Cleanup with the next option. This may require a few passes to complete the cleanup process. Lastly run cleanup with all the options selected. You can find more information about the WSUS Server Cleanup wizard here: http://technet.microsoft.com/en-us/library/dd939856(v=ws.10)

To reindex the WSUS Database (SUSDB):

After the cleanup is finished, you should re-index the WSUS database (SUSDB) with the following script: http://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61

If WSUS Database is installed on SQL Server, you can use the SQL Server Management studio to connect to the Database Server and run the database maintenance script.

If WSUS Database is installed on Windows Internal Database, you can either use the SQL Management Studio Express or the sqlcmd utility.

1. To use SQL Management Studio Express:
   a. Launch SQL Management Studio Express, and connect to the database server.
      For Server 2012 or Server 2012 R2, Server Name would be: \\.\pipe\MICROSOFT##WID\tsql\query
      For older Operating Systems, Server Name would be: \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query
   b. Click on New Query, paste the contents of the Database maintenance script and Execute

2. To use sqlcmd utility, launch a command prompt running as Administrator and run the following command:
   For Server 2012 or Server 2012 R2:
      sqlcmd -S \\.\pipe\MICROSOFT##WID\tsql\query -i \WsusDBMaintenance.sql
   For older Operating Systems:
      sqlcmd -S \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i \WsusDBMaintenance.sql

TIP: If you are not sure if WSUS Database is hosted on SQL Server or Windows Internal Database, you can check the following registry key on the WSUS server:
HKLM\Software\Microsoft\Update Services\Server\Setup\SQLServerName

If you see just the ServerName or Server\Instance, you are using SQL Server. If you see something that has the string ##SSEE or ##WID in it, you installed the WSUS database on the Windows Internal Database.

TIP: To determine the version of SQL Server Management Studio Express to install:
1) For Server 2012 or Server 2012 R2, go to C:\Windows\WID\Log and open the latest ErrorLog in Notepad.
2) For Server 2008 R2 or below, go to C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\LOG and open the latest ErrorLog in Notepad.

At the very top of the ErrorLog, you will find the version number, e.g. 9.00.4035.00 x64. Look up the version number here: http://www.sqlteam.com/article/sql-server-versions, and locate what SP level it is running. Use the version number and SP level to search the Download Center for SQL Management Studio Express.
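The maintenance order and the database-location check described above can be planned in one pass. The following is an added example, not part of the original document: it groups WSUS servers into tiers that are processed lowest tier first, and maps each server's SQLServerName registry value to the name to pass to sqlcmd -S. The host names and registry values are constructed, and passing a plain ServerName or Server\Instance value straight to sqlcmd is an assumption.

```python
from collections import defaultdict

# Named pipes quoted in the procedure above.
WID_PIPE = r"\\.\pipe\MICROSOFT##WID\tsql\query"          # Server 2012 / 2012 R2
SSEE_PIPE = r"\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query"   # older operating systems

# Constructed sample: each server, the server it synchronizes from (None for
# the top tier) and the SQLServerName value read from
# HKLM\Software\Microsoft\Update Services\Server\Setup on that server.
SAMPLE_HIERARCHY = {
    "CAS":  {"upstream": None,  "sql": r"CASSQL\WSUS"},
    "PR1":  {"upstream": "CAS", "sql": "MICROSOFT##WID"},
    "PR2":  {"upstream": "CAS", "sql": r"PR2\MICROSOFT##SSEE"},
    "SEC1": {"upstream": "PR1", "sql": "MICROSOFT##WID"},
}


def sqlcmd_server(sql_server_name):
    """Map a SQLServerName registry value to the server name for sqlcmd -S."""
    value = sql_server_name.upper()
    if "##WID" in value:
        return WID_PIPE
    if "##SSEE" in value:
        return SSEE_PIPE
    # Plain ServerName or Server\Instance means a full SQL Server install.
    # Assumption: the value can be used as the connection target unchanged.
    return sql_server_name


def maintenance_batches(servers):
    """Return batches of (server, sqlcmd target), lowest tier first.

    Servers in one batch are in the same tier and can be maintained at the
    same time; a batch must finish before the next (higher) tier starts.
    """
    depth = {}

    def tier(name, path=()):
        if name in depth:
            return depth[name]
        if name in path:
            raise ValueError("upstream loop: " + " -> ".join(path + (name,)))
        upstream = servers[name]["upstream"]
        if upstream is None:
            depth[name] = 0
        elif upstream not in servers:
            raise ValueError(f"{name} syncs from unknown server {upstream}")
        else:
            depth[name] = tier(upstream, path + (name,)) + 1
        return depth[name]

    by_tier = defaultdict(list)
    for name in servers:
        by_tier[tier(name)].append(name)

    return [
        [(name, sqlcmd_server(servers[name]["sql"])) for name in sorted(by_tier[d])]
        for d in sorted(by_tier, reverse=True)
    ]


if __name__ == "__main__":
    for number, batch in enumerate(maintenance_batches(SAMPLE_HIERARCHY), 1):
        for name, target in batch:
            print(f"batch {number}: {name}: sqlcmd -S {target}")
```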

How it works

NOTE:

All log excerpts in this section are from Configuration Manager 2012 R2 environment with Verbose & Debug Logging Enabled. To see how to enable verbose & debug logging, see How to enable Verbose & Debug Logging.

To see some of the SQL queries being executed in the logs on the Configuration Manager Site Server, you would need to enable SQL Tracing in the logs. To see how to do this, see How to enable SQL Tracing for Configuration Manager Logs.

Software Update Point Installation

Installation is initiated by adding the Software Update Point Role. When the Software Update Point Role is installed, an instance of SMS_SCI_SysResUse class is created.

SMSProv.log:
PutInstanceAsync SMS_SCI_SysResUse  SMS Provider  2/9/2014 10:53:16 PM  5804 (0x16AC)
CExtProviderClassObject::DoPutInstanceInstance  SMS Provider  2/9/2014 10:53:16 PM  5804 (0x16AC)
INFO: 'PR1SITE.AWESOME.COM' is a valid FQDN.  SMS Provider  2/9/2014 10:53:16 PM  5804 (0x16AC)

Site Component Manager detects the change in Site Control Information, and initiates the installation of the Software Update Point Role.

SiteComp.log:
Parsed the master site control file, serial number 3559422579.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  4460 (0x116C)
Synchronizing server table and polling servers as needed...  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  4460 (0x116C)
Synchronizing component server PR1SITE.AWESOME.COM...  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  4460 (0x116C)
Installing component SMS_WSUS_CONTROL_MANAGER...  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)
INFO: 'PR1SITE.AWESOME.COM' is a valid FQDN.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)
Creating registry keys Operations Management\SMS Server Role\SMS Software Update Point on server PR1SITE.AWESOME.COM.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)
Updated WSUS Configuration for PR1SITE.AWESOME.COM.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)
The component is being installed on the site server, no files need to be installed in the "E:\ConfigMgr" directory because the files are already there.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)
All files installed.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)
Starting bootstrap operations...  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)
Installed service SMS_SERVER_BOOTSTRAP_PR1SITE.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)
Starting service SMS_SERVER_BOOTSTRAP_PR1SITE with command-line arguments "PR1 E:\ConfigMgr /install E:\ConfigMgr\bin\x64\rolesetup.exe SMSWSUS "...  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:23 PM  6040 (0x1798)

Once the role installation is started by Site Component Manager, SUPSetup.log is created which contains information regarding the role installation.

SUPSetup.log:
====================================================================
SMSWSUS Setup Started....
Parameters: E:\ConfigMgr\bin\x64\rolesetup.exe /install /siteserver:PR1SITE SMSWSUS 0
Installing Pre Reqs for SMSWSUS
======== Installing Pre Reqs for Role SMSWSUS ========
Found 1 Pre Reqs for Role SMSWSUS
Pre Req SqlNativeClient found.
SqlNativeClient already installed (Product Code: {D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}). Would not install again.
Pre Req SqlNativeClient is already installed. Skipping it.
======== Completed Installation of Pre Reqs for Role SMSWSUS ========
Installing the SMSWSUS
Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)
Checking runtime v2.0.50727...
Did not find supported version of assembly Microsoft.UpdateServices.Administration.
Checking runtime v4.0.30319...
Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version 6.2.9200.16384
Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version 6.2.9200.16384
Supported WSUS version found
Supported WSUS Server version (6.2.9200.16384) is installed.
CTool::RegisterManagedBinary: run command line: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe" "E:\ConfigMgr\bin\x64\wsusmsp.dll"
CTool::RegisterManagedBinary: Registered E:\ConfigMgr\bin\x64\wsusmsp.dll successfully
Registered DLL E:\ConfigMgr\bin\x64\wsusmsp.dll
Installation was successful.
~RoleSetup().

After the role is installed, Site Component Manager removes the Bootstrap service that is created to perform the installation.

SiteComp.log:
"E:\ConfigMgr\bin\x64\rolesetup.exe /install /siteserver:PR1SITE.AWESOME.COM" executed successfully on server PR1SITE.AWESOME.COM.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:46 PM  6040 (0x1798)
Bootstrap operation successful.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:46 PM  6040 (0x1798)
Deinstalled service SMS_SERVER_BOOTSTRAP_PR1SITE.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:46 PM  6040 (0x1798)
Bootstrap operations completed.  SMS_SITE_COMPONENT_MANAGER  2/9/2014 10:53:46 PM  6040 (0x1798)

WSUS Configuration Manager

WSUS Configuration Manager connects to the WSUS Server once every hour and configures the WSUS Server with the settings that are defined for the Software Update Point in the Configuration Manager console. WSUS Configuration Manager uses the WSUS APIs to connect to the WSUS Server, which is the reason WSUS Administration Console is required on the Configuration Manager Site Server since the WSUS Administration Console installs the APIs that are used to connect to the WSUS Server. It is important that the WSUS Administration Console also has KB2734608 installed which is a pre-requisite for the Software Update Point Role.

WCM.log:
Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)  SMS_WSUS_CONFIGURATION_MANAGER
Checking runtime v2.0.50727...  SMS_WSUS_CONFIGURATION_MANAGER
Did not find supported version of assembly Microsoft.UpdateServices.Administration.  SMS_WSUS_CONFIGURATION_MANAGER
Checking runtime v4.0.30319...  SMS_WSUS_CONFIGURATION_MANAGER
Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version 6.2.9200.16384  SMS_WSUS_CONFIGURATION_MANAGER
Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version 6.2.9200.16384  SMS_WSUS_CONFIGURATION_MANAGER
Supported WSUS version found  SMS_WSUS_CONFIGURATION_MANAGER

If the products/classifications defined for the Software Update Point are modified, SMS Provider makes changes in the appropriate CI_ tables in the database. For instance, when a product is selected for Synchronization SMS Provider updates rows in CI_CategoryInstances and CI_UpdateCategorySubscription tables. SMS Database Monitor monitors these tables and after detecting an update, drops a CSB file in the WSUSMgr.box notifying WCM to update the WSUS Server Configuration.

SMSDBMon.log:
RCV: UPDATE on CI_CategoryInstances for CategoryNotify_iud [177 ][14252]  SMS_DATABASE_NOTIFICATION_MONITOR  2/9/2014 6:21:50 PM  3472 (0x0D90)
RCV: UPDATE on CI_UpdateCategorySubscription for SubNotify_iu_WCM [177 ][14253]  SMS_DATABASE_NOTIFICATION_MONITOR  2/9/2014 6:21:50 PM  3472 (0x0D90)
SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\177.CTN [14252]  SMS_DATABASE_NOTIFICATION_MONITOR  2/9/2014 6:21:50 PM  3472 (0x0D90)
SND: Dropped E:\ConfigMgr\inboxes\WSUSMgr.box\177.CSB [14253]  SMS_DATABASE_NOTIFICATION_MONITOR  2/9/2014 6:21:51 PM  3472 (0x0D90)

WCM wakes up after getting notified and connects to the WSUS Server to ensure that WSUS Server is configured with the options defined in the Configuration Manager console.

WCM.log:
File notification triggered WCM Inbox.  SMS_WSUS_CONFIGURATION_MANAGER
Setting new configuration state to 4 (WSUS_CONFIG_SUBSCRIPTION_PENDING)  SMS_WSUS_CONFIGURATION_MANAGER
Attempting connection to WSUS server: CE1SITE.AWESOME.COM, port: 8530, useSSL: False  SMS_WSUS_CONFIGURATION_MANAGER
Successfully connected to server: CE1SITE.AWESOME.COM, port: 8530, useSSL: False  SMS_WSUS_CONFIGURATION_MANAGER
Subscribed Update Categories ~~~~~~~~~~~~~~~~  SMS_WSUS_CONFIGURATION_MANAGER
Configuration successful. Will wait for 1 minute for any subscription or proxy changes  SMS_WSUS_CONFIGURATION_MANAGER
Setting new configuration state to 2 (WSUS_CONFIG_SUCCESS)  SMS_WSUS_CONFIGURATION_MANAGER

Using WSUS APIs to connect to the WSUS Server works by connecting to the ApiRemoting30 virtual directory on the WSUS Website. It is important that you specify the correct port configuration when installing the Software Update Point role for this to work.

Synchronization

On Central Administration Site or Standalone Primary Site

The software updates synchronization process at the top-level site retrieves from Microsoft Update the software updates metadata that meet the criteria that you specify in Software Update Point Component properties. You configure the criteria only at the top-level site. Starting in Configuration Manager SP1, at the top-level site, you can specify an existing WSUS server that is not in the Configuration Manager hierarchy as the synchronization source instead of Microsoft Update.

The following list describes the basic steps for the synchronization process on the top-level site:

1. Software updates synchronization starts. Synchronization can be initiated either manually or on a schedule.
2. WSUS Synchronization Manager sends a request to WSUS running on the software update point to start synchronization with Microsoft Update.
3. WSUS synchronizes software updates metadata from Microsoft Update, and any changes are inserted or updated in the WSUS database.
4. After WSUS has finished synchronization, WSUS Synchronization Manager synchronizes the software updates metadata from the WSUS database to the Configuration Manager database, and any changes after the last synchronization are inserted or updated in the site database. The software updates metadata is stored in the site database as a configuration item.
5. For a stand-alone Primary site running System Center 2012 Configuration Manager SP1 or R2 only: WSUS Synchronization Manager sends a request one at a time to WSUS running on other software update points at the site.
6. WSUS Synchronization Manager sends a synchronization request to all child sites. The software updates configuration items are sent to child sites by using database replication.

Details:

Software updates synchronization starts. Synchronization can be initiated either manually or on a schedule.

When synchronization is initiated on a schedule, WSUS Synchronization Manager (WSyncMgr) wakes up on the configured schedule and initiates a Synchronization:

WSyncMgr.log:
Wakeup for scheduled regular sync  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:25:00 PM
Starting Sync  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:25:00 PM
Performing sync on regular schedule  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:25:00 PM

When synchronization is initiated manually from the Console, WSyncMgr is notified to initiate a sync by executing the SyncNow Method in the SMS_SoftwareUpdate WMI Class. This method updates the Update_SyncStatus table in the Site Database, and sets the value of SyncNow to SELF which triggers SMS Database Notification Monitor (SMSDBMON) to drop SELF.SYN file in the WSyncMgr.box which causes WSyncMgr to wake up and initiate a synchronization.

SMSProv.log:
ExecMethodAsync : SMS_SoftwareUpdate::SyncNow  SMS Provider  1/16/2014 2:19:38 PM  3248 (0x0CB0)

SQL Profiler Trace:
update Update_SyncStatus set SyncNow = 'SELF' where SiteCode = dbo.fnGetSiteCode()
update Update_SyncStatus set SyncNow = null where SiteCode = dbo.fnGetSiteCode()

SMSDBMON.log:
RCV: UPDATE on Update_SyncStatus for SyncNotif_WSyncMgr [SELF ][47788]  SMS_DATABASE_NOTIFICATION_MONITOR  1/16/2014 2:19:44 PM
SND: Dropped E:\ConfigMgr\inboxes\WSyncMgr.box\SELF.SYN [47788]  SMS_DATABASE_NOTIFICATION_MONITOR  1/16/2014 2:19:44 PM

WSyncMgr.log:
Wakeup by inbox drop  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:19:44 PM
Found local sync request file  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:19:49 PM
Starting Sync  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:19:49 PM
Performing sync on local request  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:19:49 PM

WSyncMgr then reads the list of Software Update Points from the Site Control File (SCF). WSyncMgr would first synchronize the SUP that was installed as the first SUP in the site, and then synchronize the remaining SUPs. All additional SUPs are configured as Replicas of the first SUP.

WSyncMgr.log:
Read SUPs from SCF for CS1SITE.AWESOME.COM  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:19:49 PM
Found 1 SUPs  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:19:49 PM
Found active SUP CS1SITE.AWESOME.COM from SCF File.  SMS_WSUS_SYNC_MANAGER  1/16/2014 2:19:49 PM

When synchronization starts (either on schedule or manual), WSyncMgr creates Status Message ID 6701 to indicate that the WSUS Synchronization has started.

STATMSG: ID=6701 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS= SITE=CS1 PID=432 TID=3404 GMTDATE=Thu Jan 16 18:53:52.608 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0  SMS_WSUS_SYNC_MANAGER  1/16/2014 1:53:52 PM  3404 (0x0D4C)

TIP: To manually initiate the sync, you can also drop a 0 KB file named SELF.SYN in the WSyncMgr.box directory on the CAS or Standalone Primary Site Server.

WSUS Synchronization Manager sends a request to WSUS running on the software update point to start synchronization with Microsoft Update.

The first phase of the synchronization process is to synchronize the WSUS server with Microsoft Update (MU). WSyncMgr instructs the WSUS server to start a synchronization with MU and creates Status Message ID 6704 (WSUS Synchronization in progress. Current phase: Synchronizing WSUS Server).

WSyncMgr.log:
STATMSG: ID=6704 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS= SITE=CS1 PID=432 TID=3404 GMTDATE=Thu Jan 16 18:53:53.698 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:53:53 PM    3404 (0x0D4C)
Synchronizing WSUS server cs1site.awesome.com ...    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:53:53 PM
sync: Starting WSUS synchronization    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:53:53 PM

SoftwareDistribution.log:
2014-01-16 18:53:54.231 UTC    Change    w3wp.58    AdminDataAccess.StartSubscriptionManually    Synchronization manually started
2014-01-16 18:53:56.168 UTC    Info    WsusService.15    EventLogEventReporter.ReportEvent    EventId=382,Type=Information,Category=Synchronization,Message=A manual synchronization was started.

WSUS synchronizes software updates metadata from Microsoft Update, and any changes are inserted or updated in the WSUS database.

WSUS starts synchronizing with MU, and WSyncMgr starts monitoring the synchronization progress.

WSyncMgr.log:
sync: WSUS synchronizing categories    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:53:58 PM
sync: WSUS synchronizing updates    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:54:00 PM
sync: WSUS synchronizing updates, processed 122 out of 130 items (93%), ETA in 00:00:03    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:55:01 PM
sync: WSUS synchronizing updates, processed 130 out of 130 items (100%)    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:55:04 PM
sync: WSUS synchronizing updates, processed 130 out of 130 items (100%)    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:55:08 PM

The following entries in the logs indicate that WSUS has finished synchronizing with MU.

SoftwareDistribution.log:
2014-01-16 18:55:05.166 UTC    Info    WsusService.15    EventLogEventReporter.ReportEvent    EventId=384,Type=Information,Category=Synchronization,Message=Synchronization completed successfully.
2014-01-16 18:55:06.307 UTC    Info    WsusService.31    CatalogSyncAgent.SetSubscriptionStateWithRetry    Firing event SyncFinish...

WSyncMgr.log:
Done synchronizing WSUS Server    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:55:08 PM
Sleeping 2 more minutes for WSUS server sync results to become available    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:55:08 PM
Set content version of update source {C2D17964-BBDD-4339-B9F3-12D7205B39CC} for site CS1 to 33    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:09 PM

After WSUS has finished synchronization, WSUS Synchronization Manager synchronizes the software updates metadata from the WSUS database to the Configuration Manager database, and any changes after the last synchronization are inserted or updated in the site database. The software updates metadata is stored in the site database as a configuration item.

The second phase of the synchronization process is to synchronize the software update metadata from the WSUS database to the Configuration Manager database. At this point, WSyncMgr creates Status Message ID 6705 (WSUS Synchronization in progress. Current phase: Synchronizing site database).

WSyncMgr.log:
STATMSG: ID=6705 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS= SITE=CS1 PID=432 TID=3404 GMTDATE=Thu Jan 16 18:57:09.156 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:09 PM
Synchronizing SMS database with WSUS server ...    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:09 PM

WSyncMgr reads categories and updates from the WSUS Database, and inserts/updates the Configuration Manager database. Software Update metadata for each update is stored in the site database as a Configuration Item (CI).

WSyncMgr.log:
sync: SMS synchronizing categories    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:09 PM
...
sync: SMS synchronizing categories, processed 223 out of 223 items (100%)    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:10 PM
sync: SMS synchronizing updates    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:10 PM
...
Synchronizing update af5eb87e-cdd6-40bf-984f-5d0630406de8 - Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.165.1945.0)    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:12 PM
...
sync: SMS synchronizing updates, processed 5 out of 5 items (100%)    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:39 PM
...
Done synchronizing SMS with WSUS Server cs1site.awesome.com    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:46 PM
Set content version of update source {C2D17964-BBDD-4339-B9F3-12D7205B39CC} for site CS1 to 34    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:46 PM

After synchronization of site database is complete, the content version of the update source is updated in the database if any changes were made to the site database. After synchronization finishes successfully, WSyncMgr creates Status Message ID 6702 (WSUS Synchronization done).

WSyncMgr.log:
STATMSG: ID=6702 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS= SITE=CS1 PID=432 TID=3404 GMTDATE=Thu Jan 16 18:57:46.304 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:46 PM
Sync succeeded. Setting sync alert to canceled state on site CS1    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:46 PM
Updated 130 items in SMS database, new update source content version is 34    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:46 PM
Sync time: 0d00h03m53s    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:57:46 PM

For a stand-alone Primary site running System Center 2012 Configuration Manager SP1 or R2 only: WSUS Synchronization Manager sends a request one at a time to WSUS running on other software update points at the site.

The WSUS servers on the other software update points are configured to be replicas of WSUS running on the default software update point at the site.

WsyncMgr.log:
Synchronizing replica WSUS servers    SMS_WSUS_SYNC_MANAGER
STATMSG: ID=6706 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=1840 TID=2832 GMTDATE=Thu Jan 16 19:17:13.575 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER
Synchronizing WSUS server ps1sys.awesome.com ...    SMS_WSUS_SYNC_MANAGER
sync: Starting Replica WSUS synchronization    SMS_WSUS_SYNC_MANAGER
sync: Replica WSUS synchronizing other items    SMS_WSUS_SYNC_MANAGER
sync: Replica WSUS synchronizing other items, processed 4 out of 4 items (100%)    SMS_WSUS_SYNC_MANAGER
Done synchronizing WSUS Server ps1sys.awesome.com    SMS_WSUS_SYNC_MANAGER

WSUS Synchronization Manager sends a synchronization request to all child sites.

A sync notification is sent to all child sites to instruct them to start a synchronization as well. The notifications are sent via File Replication and not Database Replication.

WSyncMgr.log:
Sending sync notification to child site(s): PS1, PS2    SMS_WSUS_SYNC_MANAGER
SQL Replication type has not been set for E:\ConfigMgr\inboxes\WSyncMgr.box\outbox\CS1.SYN, replicating to (PS1, PS2), inbox: E:\ConfigMgr\inboxes\replmgr.box    SMS_WSUS_SYNC_MANAGER

The software updates configuration items are sent to child sites by using database replication.

On Child Primary Site and Secondary Sites

During the software updates synchronization process on the top-level site, the software updates configuration items are replicated to child sites by using database replication. At the end of the process, the top-level site sends a synchronization request to the child site, and the child site starts the WSUS synchronization. NOTE that since the Software Update Metadata (Configuration Items) from the Site Database are replicated to the Primary sites via Database Replication, the synchronization process on the Child Primary and Secondary sites consists only of the WSUS Synchronization phase.

The following list provides the basic steps for the synchronization process on a child primary site or secondary site:

WSUS Synchronization Manager receives a synchronization request from the top-level site.
Software updates synchronization starts.
WSUS Synchronization Manager makes a request to WSUS running on the first software update point to start synchronization.
WSUS running on the software update point on the child site synchronizes software updates metadata from WSUS running on the software update point on the parent site.
For Configuration Manager with no service pack only: When there is a remote Internet-based software update point, WSUS Synchronization Manager starts the synchronization process for WSUS running on the remote site system.
For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only: WSUS Synchronization Manager sends a request one at a time to WSUS running on other software update points (including Internet facing SUPs) at the site.
When synchronization has finished successfully, WSUS Synchronization Manager creates status message 6702.
From a primary site, WSUS Synchronization Manager sends a synchronization request to any child secondary sites. The secondary site starts the software updates synchronization with the parent primary site. The secondary site's SUP is configured as a replica of WSUS running on the parent site.

Details:

WSUS Synchronization Manager receives a synchronization request from the top-level site.

When the Sync notification sent by the parent site arrives in the inboxes\WSyncMgr.box via File Replication, WSyncMgr wakes up and starts Synchronization.

WSyncMgr.log:
Wakeup by inbox drop    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:32 PM    2832 (0x0B10)
Found parent sync notification file CS1.SYN.    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:37 PM    2832 (0x0B10)
Starting Sync    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:37 PM    2832 (0x0B10)
Performing sync on parent request    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:37 PM    2832 (0x0B10)

WSyncMgr then reads the list of Software Update Points from the Site Control File (SCF). WSyncMgr first synchronizes the SUP that was installed as the first SUP in the site, and then synchronizes the remaining SUPs. All additional SUPs are configured as replicas of the first SUP.

WsyncMgr.log:
Read SUPs from SCF for PS1SITE.AWESOME.COM    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:37 PM
Found 2 SUPs    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:37 PM
Found active SUP PS1SITE.AWESOME.COM from SCF File.    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:37 PM
Found active SUP PS1SYS.AWESOME.COM from SCF File.    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:37 PM

Software updates synchronization starts.

WSyncMgr.log:
STATMSG: ID=6701 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=1840 TID=2832 GMTDATE=Thu Jan 16 18:58:37.599 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:37 PM    2832 (0x0B10)
Synchronizing WSUS server PS1SITE.AWESOME.COM    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:38 PM    2832 (0x0B10)

WSUS Synchronization Manager makes a request to WSUS running on the first software update point to start synchronization.

WSyncMgr.log:
STATMSG: ID=6704 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=1840 TID=2832 GMTDATE=Thu Jan 16 18:58:38.909 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:38 PM    2832 (0x0B10)
Synchronizing WSUS server ps1site.awesome.com ...    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:39 PM    3412 (0x0D54)

WSUS running on the software update point on the child site synchronizes software updates metadata from WSUS running on the software update point on the parent site.

WSyncMgr.log:
sync: Starting WSUS synchronization    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:39 PM    3412 (0x0D54)
sync: WSUS synchronizing categories    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:46 PM    3412 (0x0D54)
sync: WSUS synchronizing updates    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:58:47 PM    3412 (0x0D54)
sync: WSUS synchronizing updates, processed 130 out of 130 items (100%)    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:59:05 PM    3412 (0x0D54)
Done synchronizing WSUS Server ps1site.awesome.com    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:59:05 PM    3412 (0x0D54)
Sleeping 2 more minutes for WSUS server sync results to become available    SMS_WSUS_SYNC_MANAGER    1/16/2014 1:59:05 PM    3412 (0x0D54)
Set content version of update source {C2D17964-BBDD-4339-B9F3-12D7205B39CC} for site PS1 to 34    SMS_WSUS_SYNC_MANAGER    1/16/2014 2:01:05 PM    2832 (0x0B10)

For Configuration Manager with no service pack only:

When there is a remote Internet-based software update point, WSUS Synchronization Manager starts the synchronization process for WSUS running on the remote site system.

For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only:

WSUS Synchronization Manager sends a request one at a time to WSUS running on other software update points (including Internet facing SUPs) at the site. The WSUS servers on the other software update points are configured to be replicas of WSUS running on the default software update point at the site. WSyncMgr creates Status Message ID 6706 (WSUS Synchronization in progress. Current phase: Synchronizing Internet facing WSUS Server). Note that even though the SUP may not be Internet facing, the Status Message is still 6706.

WsyncMgr.log:
Synchronizing replica WSUS servers    SMS_WSUS_SYNC_MANAGER
STATMSG: ID=6706 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=1840 TID=2832 GMTDATE=Thu Jan 16 19:17:13.575 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER
Synchronizing WSUS server ps1sys.awesome.com ...    SMS_WSUS_SYNC_MANAGER
sync: Starting Replica WSUS synchronization    SMS_WSUS_SYNC_MANAGER
sync: Replica WSUS synchronizing other items    SMS_WSUS_SYNC_MANAGER
sync: Replica WSUS synchronizing other items, processed 4 out of 4 items (100%)    SMS_WSUS_SYNC_MANAGER
Done synchronizing WSUS Server ps1sys.awesome.com    SMS_WSUS_SYNC_MANAGER

When synchronization has finished successfully, WSUS Synchronization Manager creates status message 6702.

WSyncMgr.log:
STATMSG: ID=6702 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=1840 TID=2832 GMTDATE=Thu Jan 16 19:01:35.117 2014 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0    SMS_WSUS_SYNC_MANAGER    1/16/2014 2:01:35 PM    2832 (0x0B10)
Sync succeeded. Setting sync alert to canceled state on site PS1    SMS_WSUS_SYNC_MANAGER    1/16/2014 2:01:35 PM    2832 (0x0B10)
Successfully synced site with parent CS1, version 34    SMS_WSUS_SYNC_MANAGER    1/16/2014 2:01:35 PM    2832 (0x0B10)
Sync time: 0d00h02m57s    SMS_WSUS_SYNC_MANAGER    1/16/2014 2:01:35 PM    2832 (0x0B10)

From a primary site, WSUS Synchronization Manager sends a synchronization request to any child secondary sites. The secondary site starts the software updates synchronization with the parent primary site. The secondary site's SUP is configured as a replica of WSUS running on the parent site.

WSyncMgr.log:
Sending sync notification to child site(s): SS1    SMS_WSUS_SYNC_MANAGER
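A health check over the status messages described above, as an added example that is not part of the original document or of Configuration Manager: it parses STATMSG records from WSyncMgr.log, groups IDs 6701, 6704, 6705, 6706 and 6702 into per-site sync runs, and reports sites whose latest run never reached 6702 or whose last completed sync is older than a threshold. The function names, the 24-hour threshold and the PS2 records are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Status message IDs and meanings as given in the text above.
PHASES = {
    6701: "synchronization started",
    6704: "synchronizing WSUS server",
    6705: "synchronizing site database",
    6706: "synchronizing replica (Internet facing) WSUS server",
    6702: "synchronization done",
}

# Matches the STATMSG record wherever it sits in the line. SYS= may be empty.
STATMSG_RE = re.compile(
    r'STATMSG: ID=(?P<id>\d+) .*?SYS=\S* SITE=(?P<site>\w+) PID=\d+ TID=\d+ '
    r'GMTDATE=(?P<gmt>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d\.\d+ \d{4})'
)


def parse_statmsgs(lines):
    """Return (site, status_id, gmt_time) tuples, oldest first."""
    events = []
    for line in lines:
        m = STATMSG_RE.search(line)
        if not m or int(m["id"]) not in PHASES:
            continue  # not a sync status message
        when = datetime.strptime(m["gmt"], "%a %b %d %H:%M:%S.%f %Y")
        events.append((m["site"], int(m["id"]), when))
    return sorted(events, key=lambda e: e[2])


def sync_runs(events):
    """Group events per site: a run opens at 6701 and closes at 6702."""
    open_runs, runs = {}, []
    for site, status_id, when in events:
        if status_id == 6701:
            if site in open_runs:  # previous run never reported 6702
                runs.append(open_runs.pop(site))
            open_runs[site] = {"site": site, "start": when, "end": None,
                               "phases": [6701]}
        elif site in open_runs:
            run = open_runs[site]
            run["phases"].append(status_id)
            if status_id == 6702:
                run["end"] = when
                runs.append(open_runs.pop(site))
    runs.extend(open_runs.values())  # runs still open at end of log
    return runs


def sites_needing_attention(runs, now, max_age=timedelta(hours=24)):
    """Map site -> reason when its latest run is incomplete or too old.

    `now` must be a naive UTC datetime, because GMTDATE is in GMT.
    The 24-hour default is an assumption, not a product setting.
    """
    latest = {}
    for run in runs:
        if run["site"] not in latest or run["start"] > latest[run["site"]]["start"]:
            latest[run["site"]] = run
    findings = {}
    for site, run in latest.items():
        if run["end"] is None:
            last = PHASES[run["phases"][-1]]
            findings[site] = f"sync started {run['start']} stopped at: {last}"
        elif now - run["end"] > max_age:
            findings[site] = f"last completed sync {run['end']} is too old"
    return findings


def _rec(status_id, site, gmt, sys_name=""):
    # Builds a record in the layout of the WSyncMgr.log excerpts above
    # (ISTR1..ISTR9 omitted for brevity).
    return (f'STATMSG: ID={status_id} SEV=I LEV=M SOURCE="SMS Server" '
            f'COMP="SMS_WSUS_SYNC_MANAGER" SYS={sys_name} SITE={site} PID=432 '
            f'TID=3404 GMTDATE={gmt} ISTR0="" NUMATTRS=0')


# Constructed sample: CS1 and PS1 reuse the timestamps from the excerpts
# above; the PS2 records are invented to show a sync that never reports 6702.
SAMPLE_LOG = [
    _rec(6701, "CS1", "Thu Jan 16 18:53:52.608 2014"),
    _rec(6704, "CS1", "Thu Jan 16 18:53:53.698 2014"),
    "sync: WSUS synchronizing updates, processed 130 out of 130 items (100%)",
    _rec(6705, "CS1", "Thu Jan 16 18:57:09.156 2014"),
    _rec(6702, "CS1", "Thu Jan 16 18:57:46.304 2014"),
    _rec(6701, "PS1", "Thu Jan 16 18:58:37.599 2014", "PS1SITE.AWESOME.COM"),
    _rec(6704, "PS1", "Thu Jan 16 18:58:38.909 2014", "PS1SITE.AWESOME.COM"),
    _rec(6702, "PS1", "Thu Jan 16 19:01:35.117 2014", "PS1SITE.AWESOME.COM"),
    _rec(6701, "PS2", "Thu Jan 16 19:02:10.000 2014"),
    _rec(6704, "PS2", "Thu Jan 16 19:02:11.000 2014"),
]

if __name__ == "__main__":
    runs = sync_runs(parse_statmsgs(SAMPLE_LOG))
    for run in runs:
        took = run["end"] - run["start"] if run["end"] else "incomplete"
        print(run["site"], run["phases"], took)
    print(sites_needing_attention(runs, now=datetime(2014, 1, 16, 20, 0)))
```

A site that stops synchronizing keeps serving an old update catalog to its clients, so a check like this is worth running against every site server's WSyncMgr.log rather than only the top-level site.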

Compliance

Before you can deploy software updates to the clients, the clients need to run a Software Update Scan. It is recommended to allow enough time for clients to run a Software Update Scan and report compliance results back so that you can review the compliance results and deploy only the updates that are required on the clients.

When the software update point is installed and synchronized, a site-wide machine policy is created that informs client computers that Configuration Manager Software Updates was enabled for the site. When a client receives the machine policy, a compliance assessment scan is scheduled to start randomly within the next two hours. When the scan is started, a Software Updates Client Agent process clears the scan history, submits a request to find the WSUS server that should be used for the scan, and updates the local Group Policy with the WSUS server location.

The following link covers an overview of the Compliance assessment process:
http://technet.microsoft.com/en-us/library/gg682168.aspx#BKMK_SUMCompliance

Software Update Scan Policy

Before a client can even attempt to scan for Software Updates, it needs the Software Updates Update Source policy. This policy is created on the Site Server after a successful synchronization of the Software Update Point. This section talks about how this policy is created.

Summary:

After successful sync, WSyncMgr updates the Content Version and Last Sync Time in Database
SMSDBMON gets triggered and drops .STN file in policypv.box
Policy Provider creates/updates the UpdateSource Policy in the database.
Policy is downloaded and evaluated on the Client on next Policy Evaluation cycle.
Scan Agent is notified that the UpdateSource Policy is updated.

Details:

After successful sync, WSyncMgr updates the Content Version and Last Sync Time in Database

After a successful synchronization on a Primary Site, WSyncMgr updates the Last Sync Time and Content Version in the database for the Software Update Point. This is done by executing the spProcessSUMSyncStateMessage stored procedure. In the example below, this stored procedure is being executed to update the Content Version to 36.

SQL Profiler:
declare @Error int; exec spProcessSUMSyncStateMessage N'2014-01-17 17:59:54', N'PS1', N'{C2D17964-BBDD-4339-B9F3-12D7205B39CC}', 1, 0, '36', @Error output, N'PS1SITE.AWESOME.COM'

SMSDBMON gets triggered and drops .STN file in policypv.box

spProcessSUMSyncStateMessage updates the Update_SyncStatus table with the new Content Version and Sync Time. An insert or update on the Update_SyncStatus table triggers SMSDBMON to drop a .STN file (STN = Scan Tool Notification) in policypv.box to indicate a change in the scan tool definition.

SMSDBMON.log:
RCV: UPDATE on Update_SyncStatus for UpdSyncStatus_iu [{C2D17964-BBDD-4339-B9F3-12D7205B39CC} ][46680]    SMS_DATABASE_NOTIFICATION_MONITOR    1/17/2014 1:00:00 PM    2944 (0x0B80)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\{C2D17964-BBDD-4339-B9F3-12D7205B39CC}.STN (non-zero) [46680]    SMS_DATABASE_NOTIFICATION_MONITOR    1/17/2014 1:00:00 PM    2944 (0x0B80)

Policy Provider creates/updates the UpdateSource Policy in the database.

The .STN file notifies Policy Provider to wake up and update the UpdateSource policy in the database.

PolicyPv.log:
Found {C2D17964-BBDD-4339-B9F3-12D7205B39CC}.STN    SMS_POLICY_PROVIDER    1/17/2014 1:00:05 PM    2372 (0x0944)
Added Scan Tool ID {C2D17964-BBDD-4339-B9F3-12D7205B39CC}    SMS_POLICY_PROVIDER    1/17/2014 1:00:05 PM    2372 (0x0944)
Adding to delete list: E:\ConfigMgr\inboxes\policypv.box\{C2D17964-BBDD-4339-B9F3-12D7205B39CC}.STN    SMS_POLICY_PROVIDER    1/17/2014 1:00:05 PM    2372 (0x0944)

SQL Profiler Trace:

select PolicyID, PolicyAssignmentID, SourceCRC, PADBID from SettingsPolicy where SourceID = N'PS1' and SourceType = N'UpdateSource'

select Version from Policy where PolicyID = N'{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}'

IF EXISTS (select PolicyID from Policy where PolicyID = N'{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}') update Policy set Version = N'40.00' where PolicyID = N'{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}' ELSE insert Policy (PolicyID, Version) values (N'{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}', N'40.00')

exec sp_describe_undeclared_parameters N'UPDATE Policy SET Body = @P1 where PolicyID = N''{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}'''

IF EXISTS (select PADBID from PolicyAssignment where PADBID = 16777218) update PolicyAssignment set Version = N'40.00', InProcess = 1 , BodyHash = null where PADBID = 16777218 ELSE insert PolicyAssignment (PolicyAssignmentID, PADBID, Version, PolicyID) values (N'{375c8020-3cae-4736-89ca-ccf1ce6e3709}', 16777218, N'40.00', N'{d0855677-b0a6-4e33-9bd5-7b0d06f0a2be}')

exec sp_describe_undeclared_parameters N'UPDATE PolicyAssignment SET Body = @P1 where PADBID = 16777218'

update PolicyAssignment set InProcess = 0, BodySignature = N' State Messaging section.

Although StateMessage.log reports that it successfully forwarded State Messages to the MP, the State Message component does not actually send these messages itself. All messages sent to and received from the MP are handled by the CCM Messaging component on the Client; CCM Messaging is the component that actually communicates with the MP to send and receive data. The Management Point has various queues defined to handle different kinds of incoming traffic. For State Messages, the queue that handles this traffic is the MP_RelayEndpoint queue.

Summary:

State Message component on Client starts sending messages to the MP
CCM Messaging sends a message containing the State Message XML Body to the MP
Message is received on the MP and MP_Relay processes the message and creates a SMX file
MP File Dispatch Manager sends the SMX file to the Site Server (Only when MP is not co-located on Site Server)
StateSys component on Site Server processes the State Message to the Database

Details:

State Message component starts sending messages to the MP

StateMessage.log:
StateMessage body: 11GUID:A1006D0E-CF56-41D1-A006-6330EFC393815.00.7958.1000PS1WIN7X6443710335State Message DataFull20140120194656.903000+0001.01.0200    StateMessage    1/20/2014 2:46:56 PM
Successfully forwarded State Messages to the MP    StateMessage    1/20/2014 2:46:56 PM    3508 (0x0DB4)

CCM Messaging sends a message containing the State Message XML Body to the MP

CCM Messaging sends the message to the MP_RelayEndpoint queue successfully. This message does not have a reply, unlike the one we noticed earlier in the WSUS Location Request section, where the message with the Location Request got a reply back.

CcmMessaging.log:
Sending async message '{95F79010-D0EB-49A6-8A1E-3897883105F2}' to outgoing queue 'mp:mp_relayendpoint'    CcmMessaging    1/20/2014 2:46:56 PM    3508 (0x0DB4)
Sending outgoing message '{95F79010-D0EB-49A6-8A1E-3897883105F2}'. Flags 0x200, sender account empty    CcmMessaging    1/20/2014 2:46:57 PM    3004 (0x0BBC)
POST: Host=PS1SYS.AWESOME.COM, Path=/ccm_system/request, Port=443, Protocol=https, Flags=512, Options=480    CcmMessaging    1/20/2014 2:46:57 PM    3004 (0x0BBC)
Message '{95F79010-D0EB-49A6-8A1E-3897883105F2}' doesn't have reply    CcmMessaging    1/20/2014 2:46:57 PM    3004 (0x0BBC)
OutgoingMessage(Queue='mp_mp_relayendpoint', ID={95F79010-D0EB-49A6-8A1E-3897883105F2}): Delivered successfully to host 'PS1SYS.AWESOME.COM'.    CcmMessaging    1/20/2014 2:46:57 PM    3004 (0x0BBC)

Message is received on the MP and MP_Relay processes the message and creates a SMX file

As all messages are sent using HTTP/HTTPS, the message is received by IIS. In this instance, this request is made to the CCM_System virtual directory.

IIS Log:
192.168.2.12 CCM_POST /ccm_system/request - 443 - 192.168.2.62 ccmhttp - 200 0 0 542 31

Once the message is received on the MP successfully, the MP_Relay component processes this message, converts it into an SMX file, and moves the SMX file to the appropriate location depending on whether the MP is co-located on the site server or not.
On Remote MP: \SMS\mp\outboxes\StateMsg.box
MP co-located on Site Server: \inboxes\auth\StateSys.box\incoming

MP_Relay.log on MP co-located on Site Server:
Mp Message Handler: start message processing for Relay. -----------------------    MP_RelayEndpoint
Mp Message Handler: FileType=SMX    MP_RelayEndpoint
Message Body :    MP_RelayEndpoint
Relay: Outbox dir: E:\ConfigMgr\inboxes\auth\statesys.box\incoming    MP_RelayEndpoint
Priority in the message = 5    MP_RelayEndpoint
State Priority Directory = E:\ConfigMgr\inboxes\auth\statesys.box\incoming    MP_RelayEndpoint
Inv-Relay: Task completed successfully    MP_RelayEndpoint

In our example, the MP is remote to the Site Server so the MP_Relay component moves the file to \SMS\Outboxes\StateMsg.box directory. Also note that the XML body looks identical to what was logged in StateMessage.log on the Client.

MP_Relay.log on Remote MP:
Mp Message Handler: start message processing for Relay. -----------------------    MP_RelayEndpoint    1/20/2014 2:46:57 PM
Mp Message Handler: FileType=SMX    MP_RelayEndpoint    1/20/2014 2:46:57 PM
Message Body :
11GUID:A1006D0E-CF56-41D1-A006-6330EFC393815.00.7958.1000PS1WIN7X6443710335State Message DataFull20140120194656.903000+0001.01.0200    MP_RelayEndpoint    1/20/2014 2:46:57 PM
Inv-Relay Task: Processing message body    MP_RelayEndpoint    1/20/2014 2:46:57 PM
Relay: Outbox dir: C:\SMS\mp\outboxes\StateMsg.box    MP_RelayEndpoint    1/20/2014 2:46:57 PM
Priority in the message = 5    MP_RelayEndpoint    1/20/2014 2:46:57 PM
State Priority Directory = C:\SMS\mp\outboxes\StateMsg.box    MP_RelayEndpoint    1/20/2014 2:46:57 PM
Inv-Relay: Task completed successfully    MP_RelayEndpoint    1/20/2014 2:46:57 PM

MP File Dispatch Manager sends the SMX file to the Site Server (Only when MP is not co-located on Site Server)

When the MP is remote to the Site Server, after the file arrives in the outboxes\StateMsg.box, MP File Dispatch Manager (MPFDM) is responsible for moving these files to the inboxes\StateMsg.box on the Site Server. When the MP is co-located on the Site Server, these files are directly moved to the appropriate inbox directory, so MPFDM is not involved.

MPFDM.log on a Remote MP:
Moved file C:\SMS\MP\OUTBOXES\statemsg.box\TAZGYTSJ.SMX to \\PS1SITE.AWESOME.COM\SMS_PS1\inboxes\auth\statesys.box\incoming\TAZGYTSJ.SMX    SMS_MP_FILE_DISPATCH_MANAGER    1/20/2014 4:17:07 PM

In order for MPFDM to move the files to the appropriate inbox, the Remote MP needs to be able to access the Registry of the Site Server to determine the Inbox Source Locations. For this to work, the Remote Registry service needs to be running, and Registry access should not be blocked via Group Policy. MPFDM determines the Inbox locations by accessing the following key on the Site Server:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Inbox Source

StateSys component on Site Server processes the State Message to the Database

After the file arrives in \inboxes\auth\StateSys.box on the Site Server, State System Manager (StateSys) component wakes up and processes the SMX file(s).

StateSys.log with Verbose Logging:
Inbox notification triggered, pause for 10 seconds....    SMS_STATE_SYSTEM
Found new state messages to process, starting processing thread    SMS_STATE_SYSTEM
Thread "State Message Processing Thread #0" id:4316 started    SMS_STATE_SYSTEM
total chucks loaded (1)    SMS_STATE_SYSTEM
CMessageProcessor - Processing file: YCE2H3VD.SMX    SMS_STATE_SYSTEM
CMessageProcessor - Processed 1 records with 0 invalid records.    SMS_STATE_SYSTEM
CMessageProcessor - Processed 1 message files in this batch, with 0 bad files.    SMS_STATE_SYSTEM
total chucks loaded (0)    SMS_STATE_SYSTEM
Thread "State Message Processing Thread #0" id:4316 terminated normally    SMS_STATE_SYSTEM

StateSys.log without Verbose Logging:
Found new state messages to process, starting processing thread    SMS_STATE_SYSTEM    1/20/2014 4:47:19 PM    3068 (0x0BFC)
Thread "State Message Processing Thread #0" id:1988 started    SMS_STATE_SYSTEM    1/20/2014 4:47:19 PM    1988 (0x07C4)
total chucks loaded (1)    SMS_STATE_SYSTEM    1/20/2014 4:47:19 PM    1988 (0x07C4)
total chucks loaded (0)    SMS_STATE_SYSTEM    1/20/2014 4:47:19 PM    1988 (0x07C4)
Thread "State Message Processing Thread #0" id:1988 terminated normally    SMS_STATE_SYSTEM    1/20/2014 4:47:19 PM    1988 (0x07C4)

NOTE that StateSys.log doesn't log the file name unless Verbose Logging is enabled for State System Manager. For steps on enabling Verbose Logging for State System Manager, see Procedure C.

The SMX file that is moved to StateSys.box contains the Message Body XML. When StateSys processes this file, it calls the spProcessStateReport stored procedure and passes this XML body to the stored procedure as a parameter.

SQL Profiler:
exec dbo.spProcessStateReport N'11GUID:A1006D0E-CF56-41D1-A006-6330EFC393815.00.7958.1000PS1WIN7X6443710335State Message DataFull20140120220131.071000+0001.01.0200'

spProcessStateReport is a CLR stored procedure. The CLR definition has the logic to determine the type of State Message being processed; depending on that type, it processes the State Message appropriately and inserts the data in the database.

TIP: Friendly Names of all State Message Topic Types and IDs can be found by querying the SR_StateNames table:
SELECT * FROM SR_StateNames

Software Update Summarization

Before Software Update Compliance data can be presented in the console or reports, it needs to be summarized, because the console and reports usually display only summarized data. The State System component on the Site Server performs the software update summarization, along with summarization for other components, which include Applications, DCM Deployments, Client Health, etc. Information about all the summarization tasks that State System performs can be found by querying the vSR_SummaryTasks view in the Configuration Manager database. State System runs these tasks on their configured schedule and logs detail about each task.

StateSys.log:
Started task ''    SMS_STATE_SYSTEM    2/4/2014 10:49:20 AM    5384 (0x1508)
Task '' completed successfully after running for 15 seconds, with status 8.    SMS_STATE_SYSTEM    2/4/2014 10:49:35 AM    5384 (0x1508)

For most of these tasks, the status logged in StateSys.log is not an error code, but the count of rows returned by the SQL stored procedure that performs the summarization.

Summarization tasks specific to Software Updates are:

SUM Assignment Compliance Evaluator - Runs every 1 hour by default. Summarizes state messages for all Software Update Group Assignments (Deployments). This task can be initiated manually for a specific deployment by going to Configuration Manager Console > Monitoring pane > Deployments > Right click on the Deployment and select Run Summarization.

SUM Update Group Status Summarizer - Runs every 1 hour by default. Summarizes status of Update Groups. This task can be initiated manually for a specific Update Group by navigating to Configuration Manager Console > Software Library pane > Software Updates > Software Update Groups > Right click on the Update Group and select Run Summarization. You can also change the schedule of this task by right clicking on Software Update Groups or selecting Schedule Summarization in the ribbon area.

SUM Update Status Summarizer - Runs every 1 hour by default. Summarizes status of updates for all clients. This task can be initiated manually by navigating to Configuration Manager Console > Software Library pane > Software Updates node, and selecting Run Summarization. You can also change the default schedule by selecting Schedule Summarization.

SUM Migrate Update Status - Runs every 24 hours by default. Migrates update status internally within the database. This task cannot be initiated manually from the Console.

SUM Delete Aged Status - Runs every 24 hours by default. Deletes aged status from Software Update specific tables in the database. This task cannot be initiated manually from the console.

Software Update Switching (SP1 and R2 only)

Starting with Configuration Manager 2012 SP1, a site can have multiple Software Update Points, which provides fault tolerance for situations when the Software Update Point stops working. The process of Software Update Points Failover and Switching is described in detail here:
http://blogs.technet.com/b/configmgrteam/archive/2013/03/27/software-update-points-in-cm2012sp1.aspx
http://technet.microsoft.com/en-us/library/gg712696.aspx#BKMK_SUPSwitching

Deployment

Creating a Software Update Group

When you create a Software Update Group in the Configuration Manager console, an instance of the SMS_AuthorizationList class is created. This instance contains information about the Software Update Group, and has relationships with the Software Updates that are in the Software Update Group.

SMSProv.log:
CSspClassManager::PreCallAction, dbname=CM_PS1  SMS Provider  1/23/2014 1:19:36 PM  1060 (0x0424)
PutInstanceAsync SMS_AuthorizationList  SMS Provider  1/23/2014 1:19:36 PM  1060 (0x0424)
CExtProviderClassObject::DoPutInstanceInstance  SMS Provider  1/23/2014 1:19:36 PM  1060 (0x0424)
Updating SDM content definition.  SMS Provider  1/23/2014 1:19:36 PM  1060 (0x0424)
Try to sync permission table : Declare @Ids RBAC_Object_Type;insert into @Ids (ObjectKey, ObjectTypeID) values (N'ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A',34);exec spRBAC_SyncPermissions @ObjectIds=@Ids,@RoleIDs=N'',@AdminIDs=N''  SMS Provider  1/23/2014 1:19:41 PM  1060 (0x0424)
Successfully synced permission table  SMS Provider  1/23/2014 1:19:41 PM  1060 (0x0424)
Auditing: User AWESOME\Admin created an instance of class SMS_AuthorizationList.  SMS Provider  1/23/2014 1:19:42 PM  1060 (0x0424)

As part of the Software Update Group creation, SMSProv inserts data into the appropriate CI_ tables, which include:
CI_ConfigurationItems
CI_ConfigurationItemRelations
CI_ConfigurationItemRelations_Flat
CI_DocumentStore
CI_CIDocuments
CI_LocalizedProperties

SMSDBMON monitors when data is inserted into these tables, and drops CI Notification (CIN) files in objmgr.box.

SMSDBMon:
RCV: INSERT on CI_ConfigurationItems for CINotify_iud [16777264 ][60216]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: UPDATE on CI_ConfigurationItems for CINotify_iud [16777264 ][60217]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud [16777264 ][60218]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud [16777264 ][60219]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud [16777264 ][60220]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud [16777264 ][60221]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud [16777264 ][60222]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: INSERT on CI_ConfigurationItemRelations_Flat for CI_ConfigurationItemRelations_Flat_From_iud [16777264 ][60223]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: UPDATE on CI_ConfigurationItems for CINotify_iud [16777264 ][60224]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: UPDATE on CI_ConfigurationItems for CINotify_iud [16777264 ][60225]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
RCV: INSERT on RBAC_ChangeNotification for Rbac_Sync_ChangeNotification [363 ][60226]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:47 PM  3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\16777264.CIN [60225]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:48 PM  3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\hman.box\363.RBC [60226]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 1:19:48 PM  3908 (0x0F44)

Object Replication Manager wakes up when files are dropped in the objmgr.box and processes the Software Update Group.

ObjReplMgr.log:
File notification triggered.  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:47 PM  3380 (0x0D34)
+++Begin processing changed CIN objects  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:52 PM  3380 (0x0D34)
***** Processing AuthorizationList ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A *****  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:53 PM  3380 (0x0D34)
Deleting notification file E:\ConfigMgr\inboxes\objmgr.box\16777264.CIN  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:53 PM  3380 (0x0D34)
+++Begin collecting targeting information for Affected CIs  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:53 PM  3380 (0x0D34)
+++Completed collecting targeting information for Affected CIs  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:53 PM  3380 (0x0D34)
Affected CIs (1): 16777264  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:53 PM  3380 (0x0D34)
CI 16777264 is NOT Targeted  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:53 PM  3380 (0x0D34)
Successfully processed AuthorizationList ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:54 PM  3380 (0x0D34)
Set last row version for Configuration Item to 0x0000000000296047  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 1:19:54 PM  3380 (0x0D34)

The changes to the CI_* tables are then replicated to the child sites via Database Replication, allowing the Software Update Group to show up on the child site(s).

Software Update Groups are Configuration Items themselves, and the CI Type ID for Software Update Groups is 9. You can view the Software Update Groups by running the following SQL query:
SELECT * FROM vSMS_ConfigurationItems WHERE CIType_ID = 9

To see the relationships from a Software Update Group CI to the Software Update CIs, you can run the following SQL query:
SELECT CIR.* FROM CI_ConfigurationItemRelations CIR JOIN CI_ConfigurationItems CI ON CIR.FromCI_ID = CI.CI_ID WHERE CI.CIType_ID = 9

Creating a Deployment for Software Update Group manually

When a deployment for a Software Update Group is created, an instance of the SMS_UpdateGroupAssignment class is created, which contains information about the Deployment.

SMSProv.log:
PutInstanceAsync SMS_UpdateGroupAssignment  SMS Provider
CExtProviderClassObject::DoPutInstanceInstance  SMS Provider
Auditing: User AWESOME\Admin created an instance of class SMS_UpdateGroupAssignment.  SMS Provider

Updates are then downloaded to the specified Packages Source directory by the Software Updates Patch Downloader component.

PatchDownloader.log in %TEMP% directory:
Trying to connect to the root\SMS namespace on the PS1SITE.AWESOME.COM machine.  Software Updates Patch Downloader  1/23/2014 3:31:34 PM  1400 (0x0578)
Connected to \\PS1SITE.AWESOME.COM\root\SMS  Software Updates Patch Downloader  1/23/2014 3:31:34 PM  1400 (0x0578)
Trying to connect to the \\PS1SITE.AWESOME.COM\root\sms\site_PS1 namespace on the PS1SITE.AWESOME.COM machine.  Software Updates Patch Downloader  1/23/2014 3:31:34 PM  1400 (0x0578)
Connected to \\PS1SITE.AWESOME.COM\root\sms\site_PS1  Software Updates Patch Downloader  1/23/2014 3:31:34 PM  1400 (0x0578)
Download destination = \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1.1\windows6.1-kb2807986-x86.cab .  Software Updates Patch Downloader  1/23/2014 3:31:34 PM  1400 (0x0578)
Contentsource = http://wsus.ds.download.windowsupdate.com/msdownload/update/software/secu/2013/02/windows6.1-kb2807986-x86_83d5bb38d8c50d924f3dcd024b20fe33afbd9d14.cab .  Software Updates Patch Downloader  1/23/2014 3:31:34 PM  1400 (0x0578)
Downloading content for ContentID = 471, FileName = windows6.1-kb2807986-x86.cab.  Software Updates Patch Downloader  1/23/2014 3:31:34 PM  1400 (0x0578)
Download http://wsus.ds.download.windowsupdate.com/msdownload/update/software/secu/2013/02/windows6.1-kb2807986-x86_83d5bb38d8c50d924f3dcd024b20fe33afbd9d14.cab to C:\Users\Admin\AppData\Local\Temp\2\CABBA79.tmp returns 0  Software Updates Patch Downloader  1/23/2014 3:31:36 PM  5736 (0x1668)
Successfully moved C:\Users\Admin\AppData\Local\Temp\2\CABBA79.tmp to \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1.1\windows6.1-kb2807986-x86.cab  Software Updates Patch Downloader  1/23/2014 3:31:36 PM  5736 (0x1668)
Renaming \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1.1 to \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1  Software Updates Patch Downloader  1/23/2014 3:31:36 PM  1400 (0x0578)
Successfully moved \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1.1 to \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1  Software Updates Patch Downloader  1/23/2014 3:31:36 PM  1400 (0x0578)

After the updates get downloaded, SMS Provider adds each update to the specified package.

SMSProv:
Requested class =SMS_SoftwareUpdatesPackage  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
Requested num keys =1  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
CExtProviderClassObject::DoExecuteMethod AddUpdateContent  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
*** SspPackageInst::AddUpdateContent ***  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
CObjectLock::UserHasLock: ********** User AWESOME\Admin has lock for object SMS_SoftwareUpdatesPackage.PackageID="PS100001" with LockID: DCE6F1B5-1EE8-47CB-85A7-3027E51119A7 **********  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
CObjectLock::ReleaseLock: ********** User AWESOME\Admin has released lock for object SMS_SoftwareUpdatesPackage.PackageID="PS100001" with LockID: DCE6F1B5-1EE8-47CB-85A7-3027E51119A7 **********  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
SspPackageInst::AddContent() called for these ContentIDs - {471}  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
SspPackageInst::AddContent() called with these CIContentSourcePath - {"\\PS1SITE\SOURCE\Updates\Win7"}  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
RefreshDPs value is FALSE. DP(s) will not be updated at the end of the operation  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
These Contents will be added to Software Updates Package - PS100001 with PackageSource - \\PS1SITE\SOURCE\Updates\Win7  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
Adding Content with ID 471, UniqueID d09e9a92-20e7-455a-a51b-aaeca7b7d7e1 and ContentSource \\PS1SITE\SOURCE\Updates\Win7 to the Package  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
ContentFileName = windows6.1-kb2807986-x86.cab, SourceURL = http://wsus.ds.download.windowsupdate.com/msdownload/update/software/secu/2013/02/windows6.1-kb2807986-x86_83d5bb38d8c50d924f3dcd024b20fe33afbd9d14.cab, ImportPath = , ContentFileHash = SHA1:83D5BB38D8C50D924F3DCD024B20FE33AFBD9D14  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
File Source = \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1\windows6.1-kb2807986-x86.cab  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
File Destination = \\PS1SITE\SOURCE\Updates\Win7\d09e9a92-20e7-455a-a51b-aaeca7b7d7e1  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
CExtUserContext::LeaveThread : Releasing IWbemContextPtr=57376560  SMS Provider  1/23/2014 3:31:36 PM  4060 (0x0FDC)
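The AddContent rows above record a ContentFileHash for each file placed in the package source. The following added example (not part of the original document or of Configuration Manager) re-hashes the files named in the "File Source" rows and compares them with the logged value, which shows whether the package source still holds what was downloaded. It assumes one log row per line with columns separated by a tab or by two or more spaces; the file names, payloads and the updates.example URL in demo() are constructed.

```python
import hashlib
import os
import re
import tempfile

# Message text written by SMS Provider when content is added to a package
# (same wording as the AddContent rows in the excerpt above).
CONTENT_RE = re.compile(
    r"ContentFileName = (?P<name>[^,]+), SourceURL = (?P<url>\S*), "
    r"ImportPath = [^,]*, ContentFileHash = (?P<algo>\w+):(?P<digest>[0-9A-Fa-f]+)")
# Assumption: columns are separated by a tab or by two or more spaces.
SOURCE_RE = re.compile(r"File Source = (?P<path>.+?)(?=\t| {2,}|$)")
ALGORITHMS = {"SHA1": "sha1", "SHA256": "sha256"}


def content_records(rows):
    """Pair each ContentFileHash row with the 'File Source' row that follows it."""
    pending = None
    for row in rows:
        found = CONTENT_RE.search(row)
        if found:
            pending = found.groupdict()
            continue
        source = SOURCE_RE.search(row)
        if source and pending:
            pending["path"] = source.group("path")
            yield pending
            pending = None


def file_digest(path, algorithm):
    """Hash a file in 1 MiB chunks and return the upper-case hex digest."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def verify_package_source(rows):
    """Return (file name, status) for every content item named in the rows."""
    results = []
    for rec in content_records(rows):
        algorithm = ALGORITHMS.get(rec["algo"].upper())
        if algorithm is None:
            status = "unsupported-hash"
        elif not os.path.isfile(rec["path"]):
            status = "missing"
        elif file_digest(rec["path"], algorithm) == rec["digest"].upper():
            status = "ok"
        else:
            status = "mismatch"
        results.append((rec["name"], status))
    return results


def demo():
    """Constructed sample: three log row pairs checked against a temp folder."""
    payload = b"constructed update payload"
    logged = "SHA1:" + hashlib.sha1(payload).hexdigest().upper()
    with tempfile.TemporaryDirectory() as source:
        contents = {"good.cab": payload, "changed.cab": payload + b"!"}
        for name, data in contents.items():
            with open(os.path.join(source, name), "wb") as handle:
                handle.write(data)
        rows = []
        for name in ("good.cab", "changed.cab", "absent.cab"):
            rows.append("ContentFileName = %s, SourceURL = http://updates.example/%s, "
                        "ImportPath = , ContentFileHash = %s  SMS Provider"
                        % (name, name, logged))
            rows.append("File Source = %s  SMS Provider" % os.path.join(source, name))
        return verify_package_source(rows)


if __name__ == "__main__":
    for file_name, file_status in demo():
        print(file_name, file_status)
```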

After all the updates are added to the Package, SMS Provider updates the package:

SMSProv.log:
CExtUserContext::EnterThread : User=AWESOME\Admin Sid=0x01050000000000051500000068830AA65AAB72A155BCE9324F040000 Caching IWbemContextPtr=00000000036B7E50 in Process 0xc68 (3176)  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: SMSAppName=Configuration Manager Administrator console  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: MachineName=PS1SITE.AWESOME.COM  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: UserName=AWESOME\Admin  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: ObjectLockContext=c00c315d-b15d-4b0e-9844-017205cc2443  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: ApplicationName=Microsoft.ConfigurationManagement.exe  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: ApplicationVersion=5.0.7958.1000  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: LocaleID=MS\0x409  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: __ProviderArchitecture=32  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: __RequiredArchitecture=0 (Bool)  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: __ClientPreferredLanguages=en-US,en  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: __GroupOperationId=755382  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Context: __WBEM_CLIENT_AUTHENTICATION_LEVEL=6  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
CExtUserContext : Set ThreadLocaleID OK to: 1033  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
CSspClassManager::PreCallAction, dbname=CM_PS1  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
ExecMethodAsync : SMS_SoftwareUpdatesPackage.PackageID="PS100001"::RefreshPkgSource  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Requested class =SMS_SoftwareUpdatesPackage  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Requested num keys =1  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
CExtProviderClassObject::DoExecuteMethod RefreshPkgSource  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
Auditing: User AWESOME\Admin called an audited method of an instance of class SMS_SoftwareUpdatesPackage.  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)
CExtUserContext::LeaveThread : Releasing IWbemContextPtr=57376336  SMS Provider  1/23/2014 3:31:44 PM  1060 (0x0424)

When the Update Group Assignment is created, SMS Provider inserts information about the Assignment in the CI_CIAssignments table. This triggers SMSDBMON, which notifies Object Replication Manager to process the Update Group Assignment by dropping a .CIA file in objmgr.box.

SMSDBMON.log:
RCV: INSERT on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60916]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
RCV: INSERT on CrpChange_Notify for CrpChange_Notify_ins [14 ][60917]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
RCV: UPDATE on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60920]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
RCV: UPDATE on CI_AssignmentTargetedCIs for CI_AssignmentTargetedCIs_CIAMGR [16777222 ][60921]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
RCV: UPDATE on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60923]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
RCV: UPDATE on CI_AssignmentTargetedCIs for CI_AssignmentTargetedCIs_CIAMGR [16777222 ][60924]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
RCV: UPDATE on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60926]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
RCV: UPDATE on CI_AssignmentTargetedCIs for CI_AssignmentTargetedCIs_CIAMGR [16777222 ][60927]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\16777222.CIA [60916]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\14.CRP [60917]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)
RCV: INSERT on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16786995 ][60929]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:47 PM  3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\16786995.PAC [60929]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:47 PM  3908 (0x0F44)
RCV: INSERT on PkgNotification for PkgNotify_Add [PS100001 ][60930]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:52 PM  3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\distmgr.box\PS100001.PKN [60930]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:52 PM  3908 (0x0F44)
RCV: INSERT on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16786995 ][60931]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:32:02 PM  3908 (0x0F44)
RCV: UPDATE on PolicyAssignmentChg_Notify for PolicyAssignmentChg_Notify_iu [16786995 ][60932]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:32:02 PM  3908 (0x0F44)
SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\16786995.PAC [60931]  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:32:02 PM  3908 (0x0F44)

After Object Replication Manager detects the CIA file in the objmgr.box, it processes the file and creates the policy for the Software Update Assignment.

ObjReplMgr.log:
File notification triggered.  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)
+++Begin processing changed CIA objects  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)
***** Processing Update Group Assignment {3ACE84D4-7B2A-4D86-81AF-07E2AC255745} *****  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)
Deleting notification file E:\ConfigMgr\inboxes\objmgr.box\16777222.CIA  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)
CI Assignment {3ACE84D4-7B2A-4D86-81AF-07E2AC255745} has 3 Targeted CI(s)  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)
PolicyID {3ACE84D4-7B2A-4D86-81AF-07E2AC255745} PolicyVersion 1.00 PolicyHash SHA256:63BAFA808F969849B40B2B727B49BC5093B965782716DDE3490528681CF27ACC  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)
Notifying policy provider about changes in policy content/targeting  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)
Successfully created policy for CI Assignment {3ACE84D4-7B2A-4D86-81AF-07E2AC255745}  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)
Notifying policy provider about changes in policy content/targeting  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Successfully updated Policy Targeting for CI Assignment {3ACE84D4-7B2A-4D86-81AF-07E2AC255745}  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
No file trigger for E:\ConfigMgr\inboxes\objmgr.box\16777222.CIV - status 2  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Assigned CIs: [ 16777264 ]  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Begin processing Assigned CI: [16777264]  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Creating VersionInfo policy for CI 16777264  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Creating VersionInfo policy ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A/VI  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
16777264 Referenced CIs: [ 929 930 1041 1042 1132 1133 ]  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
VersionInfo policy for CI 16777264 is Machine type  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
PolicyID ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A/VI PolicyVersion 1.00 PolicyHash SHA256:6EFE96F3D67773CA965EC67EC60B602FC78242509A096FCF44C2D5FDD5B2FC76  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Notifying policy provider about changes in policy content/targeting  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Updated dependent policy references to CIA {3ACE84D4-7B2A-4D86-81AF-07E2AC255745}  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
STATMSG: ID=5800 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_OBJECT_REPLICATION_MANAGER" SYS=PS1SITE.AWESOME.COM SITE=PS1 PID=5404 TID=3380 GMTDATE=Thu Jan 23 20:31:38.889 2014 ISTR0="Microsoft Software Updates - 2014-01-23 03:30:52 PM" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=414 AVAL0="{3ACE84D4-7B2A-4D86-81AF-07E2AC255745}"  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Successfully updated CRCs for CI Assignment {3ACE84D4-7B2A-4D86-81AF-07E2AC255745}  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Successfully processed Update Group Assignment {3ACE84D4-7B2A-4D86-81AF-07E2AC255745}  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:38 PM  3380 (0x0D34)
Set last row version for CI Assignment to 0x0000000000296628  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:39 PM  3380 (0x0D34)

After getting notified by the Object Replication Manager, Policy Provider finally updates the policy for the clients.

PolicyPv.log:
File notification triggered.  SMS_POLICY_PROVIDER  1/23/2014 3:31:37 PM  5568 (0x15C0)
Found 14.CRP  SMS_POLICY_PROVIDER  1/23/2014 3:31:37 PM  1800 (0x0708)
Adding to delete list: E:\ConfigMgr\inboxes\policypv.box\policytargeteval\14.CRP  SMS_POLICY_PROVIDER  1/23/2014 3:31:37 PM  1800 (0x0708)
Processing any pending PolicyAssignmentChg_Notify  SMS_POLICY_PROVIDER  1/23/2014 3:31:47 PM  5568 (0x15C0)
Updating ResPolicyMap  SMS_POLICY_PROVIDER  1/23/2014 3:31:47 PM  5568 (0x15C0)
Policy or Policy Target Change Event triggered.  SMS_POLICY_PROVIDER  1/23/2014 3:31:47 PM  5568 (0x15C0)
File notification triggered.  SMS_POLICY_PROVIDER  1/23/2014 3:31:47 PM  1800 (0x0708)
Building Collection Change List from Collection Member Notification files  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
--Handle PolicyAssignment Resigning  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
Completed batch with beginning PADBID = 16786995 ending PADBID = 16786996.  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
--Process Policy Changes  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
Found some Policy changes, returning New LastRowversion=0x000000000029662B  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
Processing Updated Policies  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
Building Collection Change List from New and Targeting Changed Policies  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
--Update Policy Targeting Map  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
**** Evaluating Collection 14 for targeting changes ****  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
Advanced client policy changes detected for collection 14, *** 5 Added & 0 Deleted ***.  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
--Process Policy Targeting Map  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
**** Process notification table to update resultant targeting table ****  SMS_POLICY_PROVIDER  1/23/2014 3:31:57 PM  5568 (0x15C0)
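The hand-off described above (SMSDBMON drops a notification file, the owning component picks it up) can be checked mechanically when a deployment never turns into client policy. The following added example, which is not part of the original document or of Configuration Manager, lists the files SMSDBMON dropped and reports those that the consuming component never mentions. It assumes one log row per line with the component name present in the row; the sample rows are modelled on the excerpts above, and the row marked constructed is made up to show a stuck file.

```python
import re

# Notification file extension -> component whose log names the file when it
# picks it up, as seen in the excerpts on this page (.CIN/.CIA: "Deleting
# notification file ...", .CRP: "Found ..."). Other types such as .PAC are
# reported as untracked because the excerpts show no row naming the file.
CONSUMER_BY_EXT = {
    ".cin": "SMS_OBJECT_REPLICATION_MANAGER",
    ".cia": "SMS_OBJECT_REPLICATION_MANAGER",
    ".crp": "SMS_POLICY_PROVIDER",
}
DROP_RE = re.compile(
    r"SND: Dropped \S*\\(?P<name>[^\\\s]+(?P<ext>\.[A-Za-z]{3}))(?=\s|$)")


def trace_notifications(smsdbmon_rows, component_rows):
    """Classify every dropped notification file as consumed, stuck or untracked."""
    result = {"consumed": [], "stuck": [], "untracked": []}
    for row in smsdbmon_rows:
        drop = DROP_RE.search(row)
        if not drop:
            continue  # RCV rows and anything else that is not a file drop
        name = drop.group("name")
        consumer = CONSUMER_BY_EXT.get(drop.group("ext").lower())
        if consumer is None:
            result["untracked"].append(name)
            continue
        # Whole-name match so that 14.CRP does not match 114.CRP.
        echo = re.compile(r"(?<!\w)" + re.escape(name) + r"(?!\w)", re.IGNORECASE)
        picked_up = any(consumer in other and echo.search(other)
                        for other in component_rows)
        result["consumed" if picked_up else "stuck"].append(name)
    return result


# Sample rows: message, component, timestamp and thread separated by two spaces.
MON = "  SMS_DATABASE_NOTIFICATION_MONITOR  1/23/2014 3:31:37 PM  3908 (0x0F44)"
ORM = "  SMS_OBJECT_REPLICATION_MANAGER  1/23/2014 3:31:37 PM  3380 (0x0D34)"
PPV = "  SMS_POLICY_PROVIDER  1/23/2014 3:31:37 PM  1800 (0x0708)"

SMSDBMON_ROWS = [
    r"RCV: INSERT on CI_CIAssignments for CIAssignmentNotify_iu [16777222 ][60916]" + MON,
    r"SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\16777222.CIA [60916]" + MON,
    r"SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\14.CRP [60917]" + MON,
    r"SND: Dropped E:\ConfigMgr\inboxes\policypv.box\policytargeteval\16786995.PAC [60929]" + MON,
    # Constructed row: a second assignment that no component ever picks up.
    r"SND: Dropped E:\ConfigMgr\inboxes\objmgr.box\16777299.CIA [60999]" + MON,
]
COMPONENT_ROWS = [
    r"Deleting notification file E:\ConfigMgr\inboxes\objmgr.box\16777222.CIA" + ORM,
    "Found 14.CRP" + PPV,
    "Processing any pending PolicyAssignmentChg_Notify" + PPV,
]

if __name__ == "__main__":
    for state, names in trace_notifications(SMSDBMON_ROWS, COMPONENT_ROWS).items():
        print(state, names)
```

The check matches on file names only, so feed it rows from the time window under investigation.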

SQL Profiler covering the entire process shows:

SQL Profiler:

insert into CI_CIAssignments (AssignmentAction, Description, AssignmentName, DesiredConfigType, DisableMomAlerts, DPLocality, AssignmentEnabled, EnforcementDeadline, EvaluationSchedule, ExpirationTime, LimitStateMessageVerbosity, LogComplianceToWinEvent, NonComplianceCriticality, NotifyUser, OverrideServiceWindows, PersistOnWriteFilterDevices, RaiseMomAlertsOnFailure, RandomizationEnabled, RebootOutsideOfServiceWindows, SendDetailedNonComplianceStatus, StartTime, StateMessagePriority, StateMessageVerbosity, SuppressReboot, UseBranchCache, UseGMTTimes, UserUIExperience, WoLEnabled, TargetCollectionID, LocaleID, Assignment_UniqueID, SourceSite, LastModifiedBy, AssignmentType, CreationTime, LastModificationTime, IsTombstoned) values (2, N'', N'Microsoft Software Updates - 2014-01-23 03:30:52 PM', 1, 0, 16, 1, '01/30/2014 15:30:00', null, null, 1, 0, null, 1, 0, 1, 0, null, 0, 0, '01/23/2014 15:31:00', 5, 5, 0, 1, 0, 1, 0, 14, 1033, N'{3ACE84D4-7B2A-4D86-81AF-07E2AC255745}', N'PS1', N'AWESOME\Admin', 5, '01/23/2014 20:31:31', '01/23/2014 20:31:31', 0);

insert into CI_AssignmentTargetedGroups (CI_ID, AssignmentID) values (16777264, 16777222)

insert into CI_ContentPackages (Content_ID, ContentSubFolder, ContentVersion, Content_UniqueID, MinPackageVersion,PkgID) VALUES ('471', N'd09e9a92-20e7-455a-a51b-aaeca7b7d7e1', '1', N'd09e9a92-20e7-455a-a51b-aaeca7b7d7e1', '0', N'PS100001')

insert Policy(Version, PolicyHash, PolicyFlags, PolicyPriority, DeviceVersion, PolicyID) values(N'1.00', N'SHA256:63BAFA808F969849B40B2B727B49BC5093B965782716DDE3490528681CF27ACC', 16592, 25, N'''', N'{3ACE84D4-7B2A-4D86-81AF-07E2AC255745}')

insert PolicyAssignment(PolicyAssignmentID, PADBID, Version, PolicyID, IsTombstoned, LastUpdateTime) values(N'{8d9ba949-d038-4c09-a0cc-af3f07c39d71}', 16786995, N'1.00', N'{3ACE84D4-7B2A-4D86-81AF-07E2AC255745}', 0, GetUTCDate())

DECLARE @AssignedCIs TABLE(CI_ID INT) BEGIN INSERT INTO @AssignedCIs SELECT DISTINCT ATG.CI_ID FROM CI_AssignmentTargetedGroups ATG INNER JOIN vCI_CIAssignments CIA ON CIA.AssignmentID = ATG.AssignmentID WHERE CIA.Assignment_UniqueID = '{3ACE84D4-7B2A-4D86-81AF-07E2AC255745}' IF @@ROWCOUNT = 0 BEGIN INSERT INTO @AssignedCIs SELECT DISTINCT ATCI.CI_ID FROM vCI_AssignmentTargetedCIs_Actual ATCI INNER JOIN vCI_CIAssignments CIA ON CIA.AssignmentID = ATCI.AssignmentID WHERE CIA.Assignment_UniqueID = '{3ACE84D4-7B2A-4D86-81AF-07E2AC255745}' END END SELECT DISTINCT CI_ID FROM @AssignedCIs

insert Policy(Version, PolicyHash, PolicyFlags, PolicyPriority, DeviceVersion, PolicyID) values(N'1.00', N'SHA256:6EFE96F3D67773CA965EC67EC60B602FC78242509A096FCF44C2D5FDD5B2FC76', 208, 25, N'''', N'ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A/VI')

UPDATE Policy SET DeviceBody = NULL where PolicyID='ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A/VI'

insert PolicyAssignment(PolicyAssignmentID, PADBID, Version, PolicyID, IsTombstoned, LastUpdateTime) values(N'{64ed94a2-ff08-42a7-9e42-b292409c79e8}', 16786996, N'1.00', N'ScopeId_FC8FCC38-4BB1-4245-92F5-9CE841775019/AuthList_9D013E6D-EF76-43F6-ACC4-80749AB8D90A/VI', 0, GetUTCDate())

insert CI_AssignmentCRCs (Assignmen